Published: 18/09/2013 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The NativeKey widget in Mozilla Firefox prior to 24.0, Thunderbird prior to 24.0, and SeaMonkey prior to 2.21 processes key messages after destruction by a dispatched event listener, which allows remote malicious users to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird 17.0.6
mozilla thunderbird 17.0.7
mozilla thunderbird 17.0.4
mozilla thunderbird 17.0.5
mozilla thunderbird 17.0.2
mozilla thunderbird 17.0.3
mozilla thunderbird 17.0
mozilla thunderbird 17.0.1
mozilla thunderbird 17.0.8
mozilla thunderbird
mozilla firefox 22.0
mozilla firefox 21.0
mozilla firefox 19.0.1
mozilla firefox 19.0
mozilla firefox 19.0.2
mozilla firefox
mozilla firefox 23.0
mozilla firefox 20.0.1
mozilla firefox 20.0
mozilla seamonkey 2.14
mozilla seamonkey 2.13
mozilla seamonkey 2.12
mozilla seamonkey 2.11
mozilla seamonkey 2.1
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.14
mozilla seamonkey 2.0.13
mozilla seamonkey 2.0
mozilla seamonkey 2.20
mozilla seamonkey
mozilla seamonkey 2.17.1
mozilla seamonkey 2.17
mozilla seamonkey 2.16
mozilla seamonkey 2.15
mozilla seamonkey 2.10
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.2
mozilla seamonkey 2.18
mozilla seamonkey 2.16.2
mozilla seamonkey 2.16.1
mozilla seamonkey 2.15.2
mozilla seamonkey 2.15.1
mozilla seamonkey 2.13.2
mozilla seamonkey 2.13.1
mozilla seamonkey 2.12.1
mozilla seamonkey 2.0.5
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.10
mozilla seamonkey 2.0.1
mozilla seamonkey 2.10.1
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.12
mozilla seamonkey 2.0.11
mozilla seamonkey 2.19

Mozilla Foundation Security Advisory 2013-80 NativeKey continues handling key messages after widget is destroyed Announced September 17, 2013 Reporter Masayuki Nakano Impact Moderate Products Firefox, SeaMonkey, Thunderbird ...

The NativeKey widget in Mozilla Firefox before 240, Thunderbird before 240, and SeaMonkey before 221 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation ...

CWE-119 https://bugzilla.mozilla.org/show_bug.cgi?id=891292 http://www.mozilla.org/security/announce/2013/mfsa2013-80.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://www.securityfocus.com/bid/62472 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19028 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2013-80/https://access.redhat.com/security/cve/cve-2013-1723

CVE-2013-1723

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect